[ On Thursday, July 13, 2000 at 15:48:33 (+0100), Andy Doran wrote: ]
> Subject: Re: newsyslog
>
> [/var/run, /var/spool/lock]
>
> To accomplish this newsyslog(8) becomes suid root, with the euid being set
> to ruid when the elevated privs are not needed...

Whatever gives you that idea?!?!?!? NEVER make it setuid to root!!!!

It *might* need to be made set-GROUP-id to 'daemon' and /var/spool/lock
then needs to be made group-writable of course, but that's the very very
worst.

Though I do see on the one UUCP and dial-out machine I have that I had
to change /var/spool/lock to group "dialer" and make it group writable
so that modems could be properly shared.

In theory making /var/spool/lock world-writable with the sticky bit
should be sufficient for all but the most paranoid situations.... The
more paranoid folks could create a separate lock directory with a unique
group ownership which all authorised newsyslog users would be members of
and of course in order to succeed in creating the lock they'd have to
specify a writable directory on the command-line....

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
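
The world-writable, sticky-bit lock directory described in the message above, as an added example that is not part of the original message or of newsyslog itself: an unprivileged process checks the directory's mode and then creates its lock atomically, with no set-user-ID bit involved. The function names, the `.lock` suffix and the PID-in-file convention are assumptions made for the illustration.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for lstat() and S_ISVTX */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
/* Added example; names are hypothetical. Returns 1 if dir is a real directory
 * that is not world-writable or has the sticky bit; 0 if unsafe; -1 on error. */
int lockdir_is_safe(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return 0;   /* symlink or non-directory */
    if ((st.st_mode & S_IWOTH) && !(st.st_mode & S_ISVTX))
        return 0;   /* any user could remove or replace our lock */
    return 1;
}

/* Atomically create dir/name.lock holding our PID. Returns 0 on success,
 * -1 on failure (errno is EEXIST when another process holds the lock). */
int acquire_lock(const char *dir, const char *name, char *path, size_t len)
{
    char pid[32];
    int fd, n;
    if (lockdir_is_safe(dir) != 1) {
        errno = EPERM;
        return -1;
    }
    n = snprintf(path, len, "%s/%s.lock", dir, name);
    if (n < 0 || (size_t)n >= len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* O_CREAT|O_EXCL: creation is atomic and fails with EEXIST even when
     * the name is a pre-planted (dangling) symlink. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd < 0)
        return -1;
    n = snprintf(pid, sizeof pid, "%ld\n", (long)getpid());
    if (write(fd, pid, (size_t)n) != n) {
        close(fd);
        unlink(path);   /* do not leave a stale, empty lock behind */
        return -1;
    }
    return close(fd);
}
```

In a sticky directory only the lock's owner, the directory's owner or root can remove the file, which is what lets the directory be world-writable without letting one user delete another's lock.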